mbedtls: Prevent arithmetic overflow on bounds check

Part of the patch for CVE-2018-9989.
Cherry-picked from 5224a7544c.
Ref. https://github.com/espressif/esp-idf/issues/1860
This commit is contained in:
Ivan Grokhotkov 2018-04-19 11:50:11 +08:00
parent f58c664e2b
commit ffab6084f0

View File

@ -2052,7 +2052,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
len = (*p)[0] << 8 | (*p)[1]; len = (*p)[0] << 8 | (*p)[1];
*p += 2; *p += 2;
if( (*p) + len > end ) if( (*p) > end - len )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
"(psk_identity_hint length)" ) ); "(psk_identity_hint length)" ) );